Re: S/MIME outside the US?

[lmccarth@cs.umass.edu]

volley@lls.se writes:
> If I got things right, DES is "exportable" as long as the keysize
> is kept under a certain size, which is too small to be really secure?

All things are exportable as long as the keysize is kept under a certain size,
which is too small to be really secure.  (Unless they're used for banking, or
only for authentication, or you're only taking it with you for personal use on
a trip, or....) 

> If that's the case, I guess RC2 is the last resort? Is it good enough,

The (alleged) source code has only been public for several weeks. No-one has
announced any major weakness in RC2, AFAIK, but then again the non-RSADSI
research community hasn't had much of a crack at it yet.

> or do I have to leave out S/MIME support, and just communicate with
> people outside the U.S or something?

A couple of points:

0) You can import whatever crypto code you like _into_ the U.S., subject to
any export restrictions that might be in effect in Sweden or wherever else
you might be.

1) People in the U.S. can legally use whatever algorithms and keysizes they 
wish in communicating with people outside the U.S.  We are forbidden to
export the crypto software, not messages processed by the software.

2) In view of 0) and 1), it is desirable to have people outside the U.S.
(you, for instance :) develop strong commercial crypto software with a 
fabulous UI and spread it far and wide. [The desirability of this trend is in
the eye of the beholder....]

-Lewis	"You're always disappointed, nothing seems to keep you high -- drive 
	your bargains, push your papers, win your medals, fuck your strangers;
	don't it leave you on the empty side ?"  (Joni Mitchell, 1972)